package com.jt.redis.resource.config;

import org.codehaus.jackson.map.ObjectMapper;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.web.access.AccessDeniedHandler;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.HashMap;
import java.util.Map;

@Configuration
@EnableResourceServer
//启动在方法层面进行权限控制，需要授权才可访问的方法上添加 @PreAuthorize等注解
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
//    @Autowired
//    private TokenStore tokenStore;
//    @Override
//    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
////        super.configure(resources);
//        //通过tokenStore获取token解析器对象，基于此对象对token进行解析
//        resources.tokenStore(tokenStore);
//    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
//        super.configure(http);
        //关闭跨域攻击
        http.csrf().disable();
        //
//        http.exceptionHandling().accessDeniedHandler(accessDeniedHandler());
        //放行相关请求
        http.authorizeRequests()
                //当前路径必须要认证，其他路径全部放行
                .antMatchers("/resource/upload/**")
                .authenticated()
                .anyRequest().permitAll();
    }

//    public AccessDeniedHandler accessDeniedHandler() {
////        return new AccessDeniedHandler() {
////            @Override
////            public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AccessDeniedException e) throws IOException, ServletException {
////
////            }
////        }
//        return (Request,Response,e) ->{
//            Map<String,Object> map = new HashMap<>();
//            map.put("statue", HttpServletResponse.SC_FORBIDDEN);
//            map.put("message","没有访问权限，请联系管理员");
//            Response.setCharacterEncoding("utf-8");
//            Response.setContentType("application/json;charset=utf-8");
//            PrintWriter writer = Response.getWriter();
//            String result = new ObjectMapper().writeValueAsString(map);
//            writer.println(result);
//            writer.flush();
//        };
//    }
}
